import os.path as op import sys import time import splunktalib.modinput as modinput import splunktalib.common.util as utils import splunktaucclib.common.log as stulog from splunktaucclib.data_collection import ta_data_loader as dl from splunktaucclib.data_collection import ta_config as tc from splunktaucclib.data_collection import ta_checkpoint_manager as cpmgr import splunktalib.orphan_process_monitor as opm import splunktalib.file_monitor as fm from splunktaucclib.common import load_schema_file as ld from splunktaucclib.data_collection import ta_data_client as tdc utils.remove_http_proxy_env_vars() def do_scheme(ta_short_name, ta_name, schema_para_list=None, single_instance=True): """ Feed splunkd the TA's scheme """ param_str = "" builtsin_names = { "name", "index", "sourcetype", "host", "source", "disabled" }
""" Get index list in SPlunk server. """ import ta_tenable_import_declare import json import logging from splunk import admin, rest from splunktaucclib.rest_handler import util, error_ctl from splunktalib.common import util as common_util common_util.remove_http_proxy_env_vars() class IndexHandler(admin.MConfigHandler): def setup(self): return def user_app(self): app = self.context != admin.CONTEXT_NONE and self.appName or "-" user = self.context == admin.CONTEXT_APP_AND_USER and \ self.userName or "nobody" return user, app def handleList(self, confInfo): user, app = self.user_app() try: url = '{uri}/servicesNS/{user}/{app}/data/indexes' \ '?output_mode=json&search=isInternal=0+disabled=0&count=-1' \
def main(): util.remove_http_proxy_env_vars() logger.setLevel(logging.INFO) logging.setup_root_logger(app_name=splunk_ta_aws, modular_name='sns_alert_modular') AwsSnsModularAlert(logger, parse()).run()
import time from splunktalib.common import log import pubsub_mod.google_pubsub_consts as gpc logger = log.Logs(gpc.pubsub_ns).get_logger("main") import splunktalib.common.util as utils import splunktalib.common.pattern as gcp import splunktalib.orphan_process_monitor as opm import google_concurrent_data_loader as gcdl import google_ta_common.ta_common as tacommon import pubsub_mod.google_pubsub_conf as psconf utils.remove_http_proxy_env_vars() utils.disable_stdout_buffer() def print_scheme(): title = "Splunk AddOn for Google" description = "Collect and index PubSub data for Google" tacommon.print_scheme(title, description) @gcp.catch_all(logger) def run(): """ Main loop. Run this TA forever """
def run(ucc_setting): """ Splunk TA Modualr Input entry. """ # Clean http proxy environ utils.remove_http_proxy_env_vars() # Set log level stulog.set_log_level("INFO") meta_configs, _ = modinput.get_modinput_configs_from_stdin() server_info = sc.ServerInfo(meta_configs["server_uri"], meta_configs["session_key"]) if server_info.is_shc_member() and not server_info.is_captain(): # In SHC env, only captain is able to refresh all tokens stulog.logger.info("message=\"{title} will exit\" " "detail_info=\"This search header is not captain\"" .format(title=ucc_setting["title"])) return app_name = ssp.get_appname_from_path( os.path.abspath(_get_modular_input_file())) assert app_name, UCCServerException("app_name is None.") ucc_config = UCCConfig(splunkd_uri=meta_configs["server_uri"], session_key=meta_configs["session_key"], schema=json.dumps(ucc_setting["config"]), user="******", app=app_name) ucc_config_loader = UCCServerConfigLoader( ucc_config, id_locator=ucc_setting["meta.id"], logging_locator=ucc_setting["meta.logging"], local_forwarder_locator=ucc_setting["meta.local_forwarder"], forwarders_snapshot_locator=ucc_setting["meta.forwarder_snapshot"], dispatch_snapshot_locator=ucc_setting["meta.dispatch_snapshot"]) ucc_server_id = ucc_config_loader.get_ucc_server_id(create_if_empty=False) if not ucc_server_id and not server_info.is_shc_member(): ucc_config_loader.enable_local_forwarder() # force to get again ucc_server_id = ucc_config_loader.get_ucc_server_id(create_if_empty=True) ucc_server = UCCServer( meta_configs["server_uri"], meta_configs["session_key"], ucc_config_loader.load_ucc_server_input, [_get_local_conf_dir() + _file for _file in ucc_setting["monitor_file"]], ucc_setting["filter"], ucc_setting["division"], ucc_setting["dispatch"], ucc_config_loader.get_forwarders_snapshot, ucc_config_loader.update_forwarders_snapshot, ucc_config_loader.get_dispatch_snapshot, ucc_config_loader.update_dispatch_snapshot, ucc_server_id, get_log_level_callback=ucc_config_loader.get_ucc_server_log_level) # Setup signal handler _setup_signal(ucc_server, ucc_setting) # Start ucc server ucc_server.start()